Adventures with robocopy.exe

It’s been a while since I had to make copies of large numbers of files in complex directory structures from the Windows command prompt but, faced with the need to take a backup within a command line environment (the WinRE Command Prompt), I needed to refresh my Windows command line skills.  There’s loads of advice out there on the Internet (most of it subjective) but the general consensus seems to be that the Extended Copy command (xcopy.exe) is deprecated and has been replaced in recent versions of Windows by the Robust File Copy command (robocopy.exe). Of course, there are many alternatives but they are not natively provided in WinRE!

(Some of the more useful articles I found are Nicholas Tyler’s reply on Stack Overflow, Oliver Muchai’s reply on Super User and Scott Hanselman’s blog post from 2007.)

Robocopy has loads of options but the ones I selected in the end were:

robocopy sourcefolder targetfolder /MIR /ZB /XJ /R:3 /W:1 /log:filename.txt

to make a mirror copy of the data, in restartable mode (to survive network glitches), using backup mode in the case of an access denied error, to exclude Junction Points, to retry 3 times on failure, waiting 1 second each time (compared with the defaults of 1 million and 30 seconds respectively) and to log to the chosen file.

The /XJ switch was added as a late addition after some abortive attempts ended up with recursive Application Data folders. Some people have erroneously referred to this as a bug in Robocopy – actually it’s caused by Windows’ attempts to prevent application developers writing to system locations (and forcing them to write to the user profile instead, as described by “DaddyMan” on a Microsoft Forum post:

“The Application Data folder is actually a junction, which points back to its parent folder.
[%username]\AppData\Local\Application Data\
points to
[%username]\AppData\Local\”

and by Shawn Keene (@LtCmdrKeene) in another, similar, post:

“[Any time] an application tries to save a file to a naughty location (such as C:\Windows or C:\Program Files), Windows will force the actual save to end up at a place inside your user folder instead (C:\Users\Username\LocalSettings\VirtualStore\Program Files).  It tricks the program into thinking that the file really did go to the Program Files folder, but in reality it’s somewhere inside your user folder.

This [virtualisation] (tricking the program) is required so that badly-created apps that save to naughty locations will still work.  The alternative is that the program tries to save and then crashes when it can’t access the Program Files folder.  If Windows didn’t do this, the program would require administrator access every time it runs — which is very insecure, plus would make the program impossible to use in corporate environments where users aren’t allowed to be administrators.

Rest assured that the multiple layers you are seeing are a result of folder redirection and [virtualisation] (also known as junction points).  There’s no need to clean these up or correct it, and you are well advised to avoid exploring those files.”

Finally, I needed to remove the folders that I had accidentally created with recursive Application Data folders inside (I counted 25 in one case!). Neither Windows nor the Windows Command Prompt (del and rmdir commands) could do this, resulting in “too long” errors but Super User Aaron has the answer (which is a variation on the method Bob Coss commented on one of my own old blog posts):

“Create an empty directory with mkdir empty, then use robocopy empty\ "Application Data\" /mir" which will remove the whole directory tree. Then issue a rmdir empty and rmdir "Application Data to clean up and you’re done.”

Windows 10 PC stuck in BitLocker loop (and recovering details of open tabs in the Edge browser)

I try not to reboot my PCs too often – frankly I thought I’d left the days of daily reboots behind with Windows 95 – but, faced with a display driver bug on my Surface Pro 3 (that seems to be triggered by the Azure Portal), a change of password that led to repeated authentication prompts (and OneDrive refusing to sync), together with some software updates pushed to my PC from SCCM, I had little choice this afternoon.

Unfortunately that “quick reboot to get things working again” turned into a disaster, with an hour long support call, followed by a desperate attempt to recover the last few hours’ work.

Stuck in a BitLocker loop

After rebooting, I found that a Windows 10 update hadn’t properly applied. Each time I entered my BitLocker PIN, I was faced with a message that invited me to use the BitLocker key to recover my PC. My IT support team gave me my key… and then after a restart we went round the loop again. We tried hard resets, turning the TPM on and off in the BIOS and more, until I found a TechNet wiki article that seemed to describe the issue (or at least something very like it).

To terminate this BitLocker recovery loop, I needed to suspend BitLocker from within the Windows Recovery Environment (WinRE). That’s OK, as long as you have the recovery key and, following the advice in the article linked above, I chose the “Skip this drive” link at the bottom of the page that requests entry of the recovery key, before selecting Advanced options/Troubleshoot/Advanced options/Command Prompt.

Next, I disarmed BitLocker using the following commands:

manage-bde -status c:
manage-bde -unlock c: -rp recoverypassword
manage-bde -protectors -disable c:

With BitLocker disabled, I hoped to be able to restart the PC and boot Windows, but unfortunately it was still not playing ball. I’ll be driving to the office on Monday for someone to take a look at my PC and I suspect a rebuild will be on the cards…

Work in progress

Despite the support team’s assurances that all of my data is on servers, I’m pretty sure it’s not. All of my data until I changed my password is on servers but anything since then has been failing to sync. If the sync engine can’t authenticate, I’m pretty sure I must be working from a local copy – which will be lost if the PC is rebuilt!

The items of most concern to me were some scripts I’d finally got working this afternoon; and any notes in OneNote.  I wrote last year about issues with OneNote and OneDrive (now overcome by doing it properly) but goodness knows where the unsynced changes are (again, I found a backup, but it doesn’t have the latest changes in it).

Again, using the WinRE Command Prompt, I backed up the files I thought were most likely to be missed. I tracked down the scripts that I’d finally completed and that had led to a few late nights this week (phew!) – and made a backup copy of my user profile, just in case.

The last worry for me was my browser. Forced by policy to use a Microsoft browser, I had lots of open tabs in Edge, as well as a few in Internet Explorer. The ones in Edge included the various posts I’d found that had helped me to complete my scripts – and I wanted to go back through them to blog about what I found…

Edge does recover sessions after a crash but, with a potential PC rebuild on the cards, I’m not sure I’ll ever get the chance so I tried tracking down the location of the recovery data.  Brent Muir’s fascinating look at Windows 10 – Microsoft Edge Browser Forensics told me where to find the recovery files (in %userprofile%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active) but they are binary. Gleb Derzkij’s answer to a Stack Overflow forum post looked useful but I couldn’t get it to work.  What I could do though was open each of the (115!) .dat files in the Active Recovery folder using Notepad and see enough information in there to identify the URIs, then manually copy and paste them to a text file (ready to open when I’m back at my PC).

So that’s recaptured my work and the PC is ready to be completely razed to the ground if necessary. And the moral of the story? Never apply updates on Friday the 13th!

Reset the password for a Windows virtual machine in Azure

Imagine the scenario: you have a virtual machine running in Azure but something’s gone wrong and you don’t have Administrative credentials to log in to Windows. That’s a more common occurrence than you might expect but there is a workaround: in Azure there an option to reset the local administrator password.

Unfortunately, that capability hasn’t been implemented yet in the management portal for Azure Resource Manager but it is available in Microsoft Azure PowerShell.

Reset Password - Coming Soon

I found the following commands worked for me (based on a blog post by Dan Patrick), resetting the built-in administrator account for the defined server in the defined Resource Group to be called DisabledAdmin (after which it won’t be disabled any more but after unlocking the server and creating an alternative administrator, the built in account can be disabled again) with a GUID for the password:

$rgName = "Example-Resource-Group"
$vmName = "SERVERxxx"
$extName = "VMAccessAgent"
$userName = "DisabledAdmin"
$password = [guid]::newguid()
$location = "westeurope"
Set-AzureRmVMAccessExtension -ResourceGroupName $rgName -VMName $vmName -Name $extName -UserName $userName -Password $password -Location $location

(of course, you’ll need to take a note of that GUID if you want to log in to the account!).

The VM Access Extension can be called anything you like (the MSDN reference for Set-AzureRmVMAccessExtension gives more information); however, as noted in the Microsoft Azure documentation (How to reset the Remote Desktop service or its login password in a Windows VM):

“You can reset remote access to your VM by using either Set-AzureRmVMExtension or Set-AzureRmVMAccessExtension

“Both commands add a new named VM access agent to the virtual machine. At any point, a VM can have only a single VM access agent. To set the VM access agent properties successfully, remove the access agent set previously by using either Remove-AzureRmVMAccessExtension or Remove-AzureRmVMExtension. Starting from Azure PowerShell version 1.2.2, you can avoid this step when using Set-AzureRmVMExtension with a -ForceRerun option. When using -ForceRerun, make sure to use the same name for the VM access agent as set by the previous command.”

So, by using a known name for the VM Access Extension (VMAccessAgent), I can avoid potential issues later.

A tale of three road tolls: part 3 (liberty on French autoroutes)

Over the Easter holidays, I was lucky enough to enjoy a skiing holiday in the French Alps with my family. Aside from the holiday leading to me finally accepting that my kids are now both better skiers than I (after 2 seasons my 11 year-old is skiing black runs and my 9 year-old is on reds whilst I, on the other hand, lack their low centre of gravity and absence of fear), the road trip there and back gave me a chance to a) test out our new Volvo XC60 on a decent journey (it is very comfortable) and b) follow a friend’s advice to use an electronic tag for convenient passage through French autoroute tolls.

After a successful pilot with the same tag system (but different operator) on the UK’s M6 Toll, I felt ready for the SANEF Liber-T tag, which even has a billing option aimed at UK motorists travelling to France.

I’ve also found I could get a reduced price because I was travelling via Eurotunnel and had a booking reference (a frequent traveller number will do too) – saving the €10 application fee. The offer can be withdrawn at any time but seems to have been going for a couple of years now.  And, when I posted about this on a Volvo Owners Forum, I was told about another scheme that seems to be less expensive.  Definitely worth looking into…

The instructions for mounting the tag were different to my M6 Toll experience and I have to admit I’m not sure I have it quite right (maybe I should try the back of the mirror next time) but some waving of the tag at the readers seemed to kick things into life on the occasions that the barrier didn’t rise on my approach!

Back home in the UK, my tolls were arranged into one bill, and paid monthly (albeit with a currency conversion charge) but the convenience (and the ability to cruise through dedicated toll lanes at the péage) makes it worthwhile. The Liber-T tag works on all toll motorways in France (excluding the Mont Blanc and Fréjus tunnels), regardless of operator.

So, three tales, three tolls, three very different experiences. Now, back to the tech…

A tale of three road tolls: part 2 (the M6 Toll)

Following my experiences with the Dart Charge (see part 1) and in preparation for an upcoming trip to France where I planned to use electronic tolls, I decided to try out a similar system on Britain’s only private Motorway – the M6 Toll in Staffordshire.

So, on the way back from the office one day, I picked up an M6 Toll Tag at Norton Canes service area, which came pre-loaded with £25 of credit (the same as I paid for the tag). Then, by calling up and opening an account, I was given £10 more credit; and by topping up with another £30 of credit, I was given another £5. So, that’s one tag with £70 of credit for £55. Even with a monthly charge of £1 that means I’m up by a few quid (and a corresponding 5% discount on journeys should go towards the monthly charging over time).

After fitting the tag to the back of my rear-view mirror, I drove (with some trepidation it has to be said) towards the barrier, heard a re-assuring “beep”, saw it lift, and then cruised on through the toll booths.

Result! With a tag working through my car’s heated windscreen on UK roads, I was in business – ready for the next adventure, on French Autoroutes!

A tale of three road tolls: part 1 (the Dart Charge)

London’s orbital motorway, the M25, is not a circle (as many people suggest) but has a short section of trunk road joining the ends and crossing the River Thames east of London. That road, the A282 Dartford Crossing, has an associated charge which, until recently, was collected at toll booths.

Originally the tolls were to be removed on 1 April 2003 under the original Private Finance initiative (PFI) scheme contract that was used to finance the Queen Elizabeth II bridge but instead, under the 2000 Transport Act, the A282 Trunk Road (Dartford-Thurrock Crossing charging scheme) Order 2002 allowed the continuation of the crossing fee, which officially became a charge and not a toll.

Since 30 November 2014 the toll booths have been removed and replaced by an electronic charge [update: there are some overnight journeys that are not charged], but that’s not without its issues, as I found when I travelled to Dartford and back a few weeks ago.

Dart charge warning letter and PCNI hadn’t used the route for years, but had heard about the changes (I even contacted the operator to see if my new tag for the French motorways, also operated by SANEF, would work – it won’t!). I also saw the signs advising me to pay by midnight the next day (confusingly using the same symbol as the London Congestion Charge, which is unrelated). Unfortunately, faced with congestion, delays, a stressful day with a difficult customer and an equally stressful journey home (total driving time for the day was 6 hours for around 180 miles – a pathetic average speed considering it was mostly on motorways!) – and I forgot.

It was an honest mistake and, when I realised a few days later, I called the Dart Charge contact centre. Aided by some extremely patient and helpful people, I was told not to worry, to wait for the penalty charge notice and that I would be given a chance to pay (without penalty) on my first infringement. But I’d travelled both ways! In turns out that’s OK too – just pay all outstanding charges on receipt of the first notice.

I was also told how I could sign up for automatic payment in future (a facility I tested on a journey to France a few weeks later) – if only the official government website for the Dart Charge made that clear but it’s one of those sites that’s been so over-“simplified” that it’s no longer clear.  The warning letter is equally confusing: because my PCNs arrived on different days (and I needed to pay before leaving the country on Easter holidays!), I couldn’t see how to pay all outstanding charges in one hit online. Luckily the contact centre for the Dart Charge came to my rescue again!

Gov.UK suggests setting up an account but doesn’t mention the advantage of doing so is to provide a pay-as-you go facility. Indeed the only reference to payment in advance is by post! There’s actually better advice in the Daily Telegraph article about the changes!

So, if you are planning to use the Dartford Crossing (by bridge or tunnel), I recommend signing up for an account and paying as you go by credit or debit card to avoid a lot of stress (and potentially hefty fines). Definitely worth it!

Speaking at Milton Keynes Geek Night (#MKGN)

For the last few years, I’ve been heading into Milton Keynes once a quarter (and on a couple of other occasions too) to attend the Milton Keynes Geek Night, organised by Richard Wiggins (@richardwiggins) and David Hughes (@davidhughes). Last time I had the crazy idea that I might speak at a future event. Furthermore, Richard took me up on the offer. Gulp.

So, unaccustomed as I am to public speaking, I’ll be doing a little 5 minute talk on 9 June 2016 to represent some of the geeks of Milton Keynes who are neither designers nor developers. I haven’t written the presentation yet, but the synopsis is below:

Would you move all of your IT services to the cloud? Many organisations are moving all, or part of, their IT infrastructure and applications to the cloud. In this talk, I’ll share some of my experiences from helping to first migrate and then transform, enterprise IT services, using a mixture of infrastructure-, platform- and software-as-a-service technologies.

Tickets for MK Geek Night 17 have sold out but you can get on the waiting list (and talks are recorded and posted on Soundcloud). Please be nice to me.

Retired: Mark’s Office 365 Resource Centre

18 months ago, I created “Mark’s Office 365 Resource Centre” using the public site from my Office 365 subscription. Over the last few months it’s fallen by the wayside as my focus has recently moved towards Azure (and Office 365 public websites are a deprecated feature) so I decided to move it here.  This content is no longer maintained, but may still contain some useful links.

New functionality

See also Office 365 Updates on the Office Blogs.

Planning and Deployment resources

Technical resources

Training and certification

Licensing

To license Office 365, costs are provided on the Microsoft Online Services Customer Portal. These are ordered and paid for directly by customers (although trial tenants may be created by partners though the
FastTrack portal). Customers with Enterprise Agreements have additional options including not just the Office 365 plans but ‘add-on’ and ‘bridge’ licenses for on-premises Office and CAL Suites.

Information for partners

Tips, tricks and more from my blog

There are a few posts missing from this list, because I consider them to be out-of-date (although they are still available):

Useful to know

(Including tips and tricks from elsewhere on the web):

Bits and bytes (downloads)

Ad blocker detection

Ad blocking has become increasingly common on the Internet. We all hate those sites that place obtrusive ads in the middle of content (Forbes, ZDNet, I’m looking at you!) but for many sites it’s fairly passive content – simple images, banners, etc. placed above, below or to the side of the main content. We might not particularly like it – the ads are not always intelligent (how many times have you bought something and then seen ads for the site where you already made a purchase based on the cookies on your computer?!) – but nothing in life is truly free and the websites that offer advice, etc. that help fix our problems are often at least part-funded by ads.

My blog currently has over 2000 posts written over a 12 year period. Some are good, some are bad. Some are rants, some are really useful with lots of positive comments saying words to the effect of “thanks for sharing this”. A few years ago, I used to make about £50 a month from Google ads. With hosting charges of around £100 a year, plus domain name registrations of about £25 a year, that gave me some profit to go towards IT equipment and let me write more blog posts. I even set up a company for my writing and consulting. Then along came Google’s Panda algorithm change which de-emphasised blogs in search results. Almost overnight, I saw 90% drop in revenue.

My company ceased trading a while ago – and my day job now means that I can’t continue it for contractual reasons – but, to be honest it had long since become more effort than it was worth.

I now make about £60 a year from ads and maybe a few more pounds from referrals. The UK Government takes 42% of this in tax. I write less content than I used to (I’m a busy guy but I’m also less motivated to do so). My website hosting costs far outweigh the revenue of the site but the ads help a little. This blog is nothing more than a labour of love.

On the last site redesign, I moved my ads to the bottom of the page. I also added a notice asking people not to block the ads. Now I’ve upped the ante a little by using Pat O’Brien‘s Ad Blocking Advisor WordPress plugin to display a notice when the site detects ad blocking. I’m not ad-blocker-blocking because you can still read the content, but I do ask people with ad blocking software to reconsider:

“It looks like you use ad blocking software in your browser. I devote a lot of time to this website and the advertising doesn’t even cover my hosting charges but it helps a little. Please support this website by adding it to the whitelist in your ad blocker. Thank you!”

Ironically, I had to install an ad blocker to test the website functionality!

Professionalism at last: Chartered IT Professional (CITP) status

Mark Wilson, BSc (Hons) MBCS CITP. It’s got a nice ring to it. Except that I almost never use letters after my name (in fact, one of my customers complemented me a few days ago for not doing so – although I did point out to him that my email signature is auto-generated in software and so I don’t have the option!).

Regardless of the above, today, I received official notification that I’m now a Chartered Information Technology Professional (CITP). This accreditation is awarded by the British Computer Society (BCS), who describe it as:

“Aligned with The Skills Framework for the Information Age (SFIA), the UK Government backed competency framework, CITP is the benchmark of IT excellence.”

It’s been a bit of a journey to achieve professional status, so I thought I’d write a quick blog post about the process, just in case that’s helpful/useful to others.

The application process

My journey started around a year ago, whilst I was still working at Fujitsu, where all Distinguished Engineers had our BCS membership fees paid and were encouraged to apply for Chartered status. Unfortunately I had resigned by the time the invoice arrived and Fujitsu reneged on the promise to pay my CITP application fee, but I decided to make the payment myself and continue with the process.

As part of my application (including a copy of my CV and an experience statement), I had to demonstrate that I had been working for at least 3 of the last 5 years at SFIA level 5 (or above!). I also provided details of supporters who had known me and my work over that period.  I was reasonably confident that I work at that level – Fujitsu regraded many of their technical staff using SFIA shortly before I left and I was judged to be at level 5 (although there was some disagreement about whether I was a domain architect or a solution architect – I’ll save that for another blog post!)

Breadth of knowledge test

The next stage is the Breadth of Knowledge (BoK) test. The BCS describe this as:

“This stage involves a formal testing of core knowledge across the breadth of IT. The test comprises multiple choice questions which cover a broad range of sectors and topics.”

I had six months to complete this stage of the process. which is an exam undertaken at a Pearson Vue test centre. I can’t say much about the exam (it’s subject to a confidentiality agreement) except that if you truly are working at level 5 (i.e. reasonably senior roles) you probably have a broad enough experience of IT to be able to answer (or at least guess) most of the multiple-choice questions. There’s also some mock questions on the BCS website that give you a flavour of things – as well as a published syllabus and an extensive reading list, which I’m afraid I ignored…

The hardest part of the exam is that, in addition to an overall pass mark of 50 out of 75 questions, it’s necessary to score at least 8 out of 15 in each of the 5 sections.  In mock tests I was a bit close to the 8 and I couldn’t work out why. In the final exam I did OK in all areas.

Skills assessment interview

With the exam out of the way, the next stage is the skills assessment – a formal interview involving a 10-minute presentation and subsequent questioning. Again, the BCS offer guidance – and it’s worth reading it closely – the presentation shouldn’t be a rehash of your CV, or repeat other information in the application – but should:

“Deliver a clear and concise presentation of professional work for which you were personally responsible and which demonstrates your competence. Your presentation should be based on an area(s) from the SFIA skills within your chosen specialism.”

I had six months to prepare for, book, and carry out the skills assessment, which is conducted remotely using Citrix GotoMeeting. When I finally booked my appointment, I was pleased to find that there were weekend slots available. Unfortunately GotoMeeting wasn’t behaving for me when it came to starting the interview, but I did join early, the assessors were patient, and a reboot plus an analogue telephone line let me work around the issues…

The hardest thing for me in preparing for my interview was identifying which specialism most closely aligned to my work (I do find SFIA rather arcane in that regard) and that comes through in my presentation, embedded below (although the slides have limited value without the supporting script, I’m afraid).

I was also concerned that the assessors may not feel I was working at level 5 (even though Fujitsu had previously graded me at that level, that might not match the BCS view). Thankfully my answers to questions must have been sufficient because, about 10 days later I was contacted to say I had been successful, although formal notification would be slightly delayed.

Overall

Overall, it’s been a long, challenging process – one with time limits and a need to fit around my work (along with technical exams, blogging, and family life!). It’s also debatable whether the application fee and increased membership fees (albeit tax-deductible) will really make a difference in my career. I’m told that some Government departments reward CITP status with additional pay; sadly the private sector doesn’t seem to hold CITP in quite the same regard.

For me, I felt that some of my friends are chartered in their fields – be they surveyors or accountants – and I wanted to be able to similarly demonstrate professionalism in my field. I’d also like to hope that some of my customers will recognise that having a Chartered IT Professional work with them on their IT strategy and on transformation projects demonstrates the level of experience that they expect.

Right, one more time. The last time I’ll do this for a while, I suspect…

Mark Wilson, BSc (Hons) MBCS CITP

Chartered IT Professional